mirror of
https://github.com/opnsense/src.git
synced 2026-04-24 15:48:48 -04:00
cab8cba36f
problem, it still didn't DTRT for services that did not have a service-
specific policy if /etc/pam.d existed but did not contain an "other"
policy. This fixes the problems some people have experienced with sudo.
And I almost didn't have to use goto.
The current configuration sequence is:
1) Look for /etc/pam.d/foo
2) If PAM_READ_BOTH_CONFS is defined, or step 1) failed, look for
foo in /etc/pam.conf
3) Look for /etc/pam.d/other (to fill in the gaps)
4) If PAM_READ_BOTH_CONFS is defined, or step 3) failed, look for
other in /etc/pam.conf
I believe this is the intended behaviour of the original code. The least
surprising behaviour seems to be when PAM_READ_BOTH_CONFS is not defined -
/etc/pam.d/foo will be preferred over /etc/pam.conf, but the latter will
serve as a backup if the former does not exist.
Sponsored by: DARPA, NAI Labs
|
||
|---|---|---|
| .. | ||
| include/security | ||
| Makefile | ||
| pam_account.c | ||
| pam_auth.c | ||
| pam_data.c | ||
| pam_delay.c | ||
| pam_dispatch.c | ||
| pam_end.c | ||
| pam_env.c | ||
| pam_handlers.c | ||
| pam_item.c | ||
| pam_log.c | ||
| pam_malloc.c | ||
| pam_map.c | ||
| pam_misc.c | ||
| pam_password.c | ||
| pam_private.h | ||
| pam_second.c | ||
| pam_session.c | ||
| pam_start.c | ||
| pam_static.c | ||
| pam_strerror.c | ||
| pam_tokens.h | ||